At Brokers' BackOffice we take data security very seriously and have therefore implemented a strong IT control environment to protect against significant security vulnerabilities. In fact, the majority of aggregator groups scrutinise our information security and other operational controls before allowing their broker partners to utilise our services.
Data security
As an ISO 27001 certified organisation, we adhere to industry best practices and regulations for data security, ensuring the highest level of protection for your sensitive information.
Our extensive security framework addresses critical components of managing IT controls, HR-related controls, physical security controls, client data privacy, quality assurance, and risk management within a business context.
At Brokers' BackOffice, we understand that implementing these robust measures is essential for safeguarding sensitive data, fostering employee professionalism, adhering to industry standards, and delivering high-quality services consistently.
By proactively addressing each of these areas and investing in employee training, Brokers' BackOffice has effectively mitigated potential risks, enhanced its security posture, and created a secure, efficient, and trustworthy environment that fosters client trust and long-term success.
A snapshot of some of these controls is listed below:
IT Controls
- Secure remote access: Team members connect to Sydney-based AWS EC2 servers via Windows RDP to perform accounting services, ensuring a secure connection.
- Access controls and user authentication: Role-based access controls and multi-factor authentication to ensure that only authorised personnel can access sensitive data.
- Data encryption: Strong encryption protocols to protect sensitive data during storage and transmission.
- Client-managed access: Clients manage access to their files and folders for our team members, granting only the necessary level of permissions and revoking access once accounting tasks are finalised.
- Prohibited local storage: Server-based security controls prevent unauthorised copying or moving of files and folders from secured servers to personal devices, keeping data within a protected environment. The use of USB drives, CDs, and other mobile storage devices is disabled on our servers to prevent unauthorised data transfer.
- Regular data backups: Data is held in secure S3 bucket storage that is backed up automatically at regular intervals, safeguarding your data and allowing prompt recovery in case of any contingency.
- Disaster recovery: Regular, secure backups of all critical data and a comprehensive disaster recovery plan minimise downtime and data loss in the event of a system failure.
- Network security and firewall protection: Advanced firewalls and intrusion detection systems protect our network from unauthorised access and cyberattacks.
- Scalable infrastructure: Our servers are easily scalable, with virtual machines that can be created in minutes to maintain seamless operations without significant interruptions.
- Guaranteed uptime: Our servers run on Amazon's AWS infrastructure, which ensures high availability and reliable performance for your peace of mind.
- Dedicated IT support: Our team of IT professionals works tirelessly to ensure system stability, data security, and efficient restoration of files or folders if needed.
- System and application monitoring: Continuous monitoring of all systems and applications for unusual activity or potential security threats, with issues addressed promptly.
- Regular software updates and patch management: All software is kept up to date with the latest patches and security updates to minimise vulnerabilities.
HR-Related Controls
- Ongoing training and development in security practices: Regular training on best practices for data security, privacy, and compliance.
- Confidentiality and non-disclosure agreements: All employees are required to sign confidentiality and non-disclosure agreements to protect client information.
- Clear policies and guidelines for data handling: Strict policies for data handling, including data classification, storage, and disposal, are established and enforced.
- Regular employee performance evaluations: Regular performance evaluations ensure employees maintain high standards of professionalism and data security.
Client Data Privacy and Confidentiality
- Compliance with relevant privacy regulations and standards: We adhere to all applicable privacy regulations, such as the Australian Privacy Principles, and keep up to date with any changes.
- Transparent privacy policy and data handling practices: Our privacy policy and data handling practices are clearly communicated to clients, and their consent is obtained.
- Regular audits and assessments of data privacy processes: Periodic audits of our data privacy processes identify potential vulnerabilities and areas for improvement.
- Secure communication channels with clients: Encrypted communication channels, such as secure email or client portals, are used to share sensitive information with clients.
Quality Assurance and Control
- Implementation of standard operating procedures (SOPs): SOPs are developed and enforced to ensure consistency and accuracy in the delivery of our services.
- Regular internal and external audits: Regular audits assess the effectiveness of our quality management system and identify areas for improvement.
- Continuous improvement and feedback loops: A culture of continuous improvement, in which feedback from employees and clients is encouraged and used to refine our processes.
- Performance metrics and benchmarking: Performance metrics measure the effectiveness of our services and are benchmarked against industry standards.
- Quality certifications (e.g., ISO 9001): Obtaining relevant quality certifications to demonstrate our commitment to high-quality service delivery.
Risk Management and Compliance
- Identification and assessment of potential risks: Potential risks to the business are identified and assessed for their likelihood and potential impact on operations.
- Development and implementation of risk mitigation strategies: Strategies to mitigate identified risks are developed and implemented to minimise potential negative effects on the business.
- Compliance with industry standards and regulations: We ensure the company stays compliant with all relevant industry standards and regulations, such as those set by the ATO, ASIC, and other governing bodies.
- Regular risk and compliance training for employees: Ongoing training ensures employees understand and adhere to all applicable regulations, industry standards, and risk management practices.